Amberwolf

**Name of the Vulnerable Software and Affected Versions** Cato Windows SDP client versions prior to 5.10.34 **Description** The issue is related to Remote Code Execution and Improper Input Validation, allowing OS Command Injection via crafted URLs. This can potentially lead to malicious commands being executed on the affected system. **Recommendations** For versions prior to 5.10.34, update to version 5.10.34 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted URLs that could exploit the Improper Input Validation vulnerability until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Cato Networks SDP Client versions prior to 5.10.34 **Description** The issue affects the Cato Networks SDP Client on Windows, allowing for local privilege escalation due to an untrusted search path and incorrect default permissions. **Recommendations** For versions prior to 5.10.34, update to version 5.10.34 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cato Networks Windows SDP Client versions prior to 5.10.34 **Description** The issue is related to a local privilege escalation vulnerability in the Cato Networks Windows SDP Client via the openssl configuration file. **Recommendations** For versions prior to 5.10.34, update to version 5.10.34 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cato Networks SDP Client versions prior to 5.10.34 **Description** A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on the attacker's system. **Recommendations** For versions prior to 5.10.34, update to version 5.10.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cato Networks SDP Client versions prior to 5.10.28 **Description** The issue affects Cato Networks SDP Client on Windows, where local root certificates can be installed by low-privileged users, and there is an Improper Input Validation vulnerability that allows Command Injection. **Recommendations** For versions prior to 5.10.28, update to version 5.10.28 or later to resolve the issue. As a temporary workaround, consider restricting access to certificate installation and input validation functions to minimize the risk of exploitation.